Audit records do not record the identity of each person and terminal device having access to switch software or databases.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7974 | DSN15.02 | SV-8460r1_rule | ECAR-1 ECAR-2 ECAR-3 ECSC-1 | Medium |
| Description |
|---|
| Requirement: The IAO will ensure that the auditing process records the identity of each person and terminal device having access to switch software or databases The identity of the individual user and the terminal used during their session will be recorded in the audit records. This is needed for accountability of command issues and actions taken during each session. |
| STIG | Date |
|---|---|
| Defense Switched Network STIG | 2015-01-02 |
Details
| Check Text ( C-7373r1_chk ) |
|---|
| Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable. |
| Fix Text (F-7549r1_fix) |
|---|
| Ensure audit records contain the user and terminal identity. |